Since last week the aggressive blackmail trojan Locky has been causing mischief on computers around the globe. According to media reports, the virus mostly finds its way onto the network via macros in Microsoft Office documents. When the recipient opens an attachment, for instance one containing a fake invoice, Locky encrypts all files on the affected computer. At the same time the malware spreads with remarkable speed via the network within the company, to active devices such as USB drives, and to cloud storage. After the computer has become infected, the user is asked to pay a ransom for the decryption of the data: a blackmail letter appears on the screen with a demand for payment. It’s virtually impossible to crack this encryption. The German Federal Office for Information Security (BSI) strongly advises victims against giving in to demands for ransom. Instead, one should take a photo of the blackmail letter on the screen and immediately report the incident to the police.
Free Retarus E-Mail Security upgrade ensures maximum protection
Currently there is no virus protection software which provides total protection against such attacks. Retarus E-Mail Security services offer significantly higher levels of security by combining several virus scanners, as well as intelligent spam and phishing filters.
To ensure the best possible protection against this crypto Trojan, customers using Retarus E-Mail Security will receive a free upgrade for a limited period of time: Retarus will expand existing spam and virus protection functions and switch all customers over to fourfold virus scanning for the duration of the current, acute threat.
Beware of files with embedded macro code
But even the best anti-virus software is no substitute for the vigilance of users. In order to best safeguard themselves against attacks by Locky and similar ransomware, users should also deactivate the automatic execution of macro code in office programs, and be especially careful when running macros which are absolutely essential.
You can find out here how to make the appropriate settings in Microsoft Office.
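A mail gateway or help desk can also check whether an attachment really carries macro code instead of trusting its file name. The following Python sketch is an added example, not part of the original article or of any Retarus product; the function names and the sample files, which are constructed in memory, are assumptions.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy binary .doc/.xls


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'no-macro' or 'not-office' for raw bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy containers may hold VBA; deciding needs a full OLE parser,
        # so this sketch only flags them for closer inspection.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            ct_name = next((n for n in names
                            if n.lower() == "[content_types].xml"), None)
            if ct_name is None:
                return "not-office"  # a ZIP, but not an Office Open XML package
            content_types = zf.read(ct_name).lower()
    except zipfile.BadZipFile:
        return "not-office"
    # A VBA project is normally stored in a part named vbaProject.bin ...
    has_vba_part = any(n.lower().rsplit("/", 1)[-1] == "vbaproject.bin"
                       for n in names)
    # ... and is declared in [Content_Types].xml even if the part is renamed.
    declares_vba = (b"vnd.ms-office.vbaproject" in content_types
                    or b"macroenabled" in content_types)
    return "macro" if has_vba_part or declares_vba else "no-macro"


def make_package(parts: dict) -> bytes:
    """Build a constructed Office-style ZIP package in memory (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples, not real documents.
VBA_CT = ('<Types><Override PartName="/word/vbaProject.bin" '
          'ContentType="application/vnd.ms-office.vbaProject"/></Types>')
CLEAN = make_package({"[Content_Types].xml": "<Types/>",
                      "word/document.xml": "<document/>"})
WITH_MACRO = make_package({"[Content_Types].xml": VBA_CT,
                           "word/document.xml": "<document/>",
                           "word/vbaProject.bin": b"\x00"})
```

A document classified as `macro` or `legacy-ole` is a candidate for quarantine or manual review before it reaches the user.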
General attentiveness required
Users should additionally heed the following tips:
- Only open e-mail attachments if the e-mail appears to be trustworthy. Do you know the sender and are you familiar with the procedure described in the e-mail? You need to exercise particular caution with file formats ending in the following file extensions: .doc, .docx, .docxm, .xls, .xlsx, .xlsxm, .exe.
- Extremely sluggish responsiveness of the computer, high levels of hard drive activity without apparent reason or files with the extension .locky on your hard disk could be indications that the Locky encryption is already underway. In order to potentially save your existing data, the computer should be disconnected from the network and power sources at once. Shut your computer down and remove the battery pack from your notebook if necessary.
- Back your data up regularly, so that data that may be affected can quickly be restored with as little loss of data as possible. When backing up, it is essential to consider that Locky can also attack external storage devices if they are permanently connected to the computer.
- Always keep your operating system updated to the latest version: install all the latest patches for your operating system, your office applications, your internet browser, Flash Player and PDF reader. Locky and other similar ransomware find their way into your systems through so-called “back doors”. These gateways are created by security gaps in the operating systems or software, for instance the browser. Regular updates can generally shut a lot of these gateways.
- Install virus scanners on all your systems. It is also essential to keep this software up to date, so that it is able to recognize current malware.